Threat Intelligence Blog

Cyveillance Weekly Trends Report – November 26, 2014

Welcome to the Cyveillance Weekly Trends Report

Since threat intelligence is constantly evolving, we publish this weekly report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.

The future of DDoS may come from Vietnam, India, and Indonesia. Network World reports that although these countries “might not have the most advanced Internet infrastructure, they do have a large number of insecure smartphones coming online, making them the big botnet sources for next year’s distributed denial of service attacks.” The article further highlights that the attackers’ motivation will, not surprisingly, initially be financial.

Legal and Regulations

On November 3, the Federal Financial Institutions Examination Council (FFIEC), an interagency body that prescribes principles and standards for the federal examination of financial institutions, released a set of general observations drawn from a cyber security examination work program conducted at more than 500 community financial institutions during the summer of 2014. The FFIEC’s report addresses both inherent cyber security risk and risk management practices and preparedness, and includes themes and questions for the management of financial institutions to consider concerning cyber security and preparedness.

Retail

Between July and September, information security company SafeNet counted 320 reported data breaches, an increase of 25% compared to the third quarter of 2013. Those security failures exposed more than 183 million customer accounts. And the retail industry was hit hard. Retailers accounted for 31% of records stolen—57,216,390 data records—in 47 data breach incidents, or 15% of the data breach incidents. The only industry accounting for more breaches and lost records was the financial industry, with 77,605,972 (42%) records.

Defense

Researchers at Recorded Future studied Uroburos, Energetic Bear, and APT28, three main malware families out of Russia being used for cyberspying. Their research indicates that China’s cyber-espionage is motivated by economic objectives, while Russia’s motivation is that they “want to show the world they are strong politically and that energy is incredibly important to them.” Uroburos, the name used by G Data Software AG, is also known as Epic Turla by Kaspersky Lab, Snake by BAE Systems, and SnakeNet, and has been around since at least 2008. Targets include governments, embassies, the defense industry, research and education, and the pharmaceutical industry. The initial attack vector is either spear phishing emails or watering hole attacks via phony Flash player updates.

Cyveillance clients get access to the entire Weekly Trends Report, covering all of the above topics and much more. Contact us to find out how we can help your organization.